Linux: Nginx as a WAF and reverse proxy (for WordPress running with Apache on cubieboard)

In my cubieboard saga, I continued installing Nginx to both accelerate and securise some Apache hosted sites.
Nginx is not always well supported by common opensource web applications such as WordPress. However, it performs really well as a (cache) reverse proxy. Using Naxsi module you can also build a free and efficient WAF, making Nginx a nice opensource enhencer for Apache hosting.

The following describes how to install Nginx with the aforementioned functionalities on a cubieboard (1) running debian with a root filesystem on an sdcard.

reverse_wp.conf : reverse proxy setting for every files (including dynamic php). Files are cached for 1h on the already defined cache entry “static”.
Note the usage of the “$backend” variable that is set in the virtualhost configuration.
The “naxsi_wordpress.rules” files contains the WAF rules to use (see next chapter)

With only theses rules, there is few chance to get a site working. To customize the rules file, the line “LearningMode” must be uncomment. This will let pass all queries but log every one which should be blocked.

So you can start browsing public and backoffice pages. When its done, a tool named “nx_util.py” is provided to parse error log file and generate a white list rules.